
virus/security problems

Discussion in 'Legacy Windows' started by shenanigins, 2003/06/16.

Thread Status:
Not open for further replies.
  1. 2003/06/20
    mflynn

    Again writing at same time.

    Do the pings I asked for also and post results.

    The card shows to be ok now, are you still not getting on the www?

    Mike
     
  2. 2003/06/20
    shenanigins

    isp is sbcglobal.net

    I removed the dsl network card before I ran the last ipconfig
     

  4. 2003/06/20
    shenanigins

    ping results:


    Pinging 192.168.1.1 with 32 bytes of data:

    Reply from 192.168.1.1: bytes=32 time<10ms TTL=150
    Reply from 192.168.1.1: bytes=32 time<10ms TTL=150
    Reply from 192.168.1.1: bytes=32 time<10ms TTL=150
    Reply from 192.168.1.1: bytes=32 time<10ms TTL=150

    Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    Unknown host yahoo.com.
     
  5. 2003/06/20
    shenanigins

    and still no www access
     
  6. 2003/06/20
    mflynn

    OK still looking up sbcglobal.

    The ping results show that you have a proper connection to the router. So the dns numbers are incorrect.

    Get the install sheet that came with the router.

    Load Internet Explorer and in the address line type 192.168.1.1, enter user name and password, then connect to the router.

    Change nothing, save nothing, but only click on the Status and write all the info down or print it.

    Then post all this back to me.

    From here we may have it.

    mike
     
  7. 2003/06/20
    shenanigins

    LAN:
    (MAC Address: 00-06-25-D7-CE-29)
    IP Address: 192.168.1.1
    Subnet Mask: 255.255.255.0
    DHCP server: Enabled


    WAN:
    (MAC Address: 00-06-25-D7-CE-2A)
    IP Address: 0.0.0.0
    Subnet Mask: 255.255.255.0
    Default Gateway: 0.0.0.0
    DNS: 0.0.0.0
    0.0.0.0
    0.0.0.0
     
  8. 2003/06/20
    mflynn

    Shannon

    OK, this info from the router tells me it is not seeing the modem.

    You said this worked. Or did you mean that the install went OK then switched the cable????

    You cannot use a regular patch cable from the router to the modem. It needs to be a crossover cable.

    DID YOU USE THE CABLE THAT CAME IN THE BOX WITH THE ROUTER TO GO BETWEEN THE ROUTER AND THE MODEM.

    If not power them down and switch it then power them back up, modem first then wait 30 or more seconds and then the router.

    After this you should get a link light on the modem and router to show they are connected.

    Then do the same internet check as before and get me the info if changed.

    Your move.

    Mike
     
  9. 2003/06/20
    shenanigins

    I did not use the cable that came with the router, but the cable I used last night allowed the internet connection to be recognized.

    I went ahead and switched the cables, but the cable in the box is a straight patch, not cross-over. After I powered them on and ran the same check I still had the same results... no connection.

    HOWEVER... I decided I should take a close look at the setup guide that came with the router, instead of relying on the setup wizard disk. I followed the "configure the router" directions... and voila... I have a connection! ;)

    Now I need to find out if the other computers have access to www through the router... and I need to disable two of them from having such access.

    What should I do from here?
     
  10. 2003/06/20
    shenanigins

    Here's the most recent status info from the router:

    Login:
    PPPoE
    Status: Connected



    LAN:
    (MAC Address: 00-06-25-D7-CE-29)
    IP Address: 192.168.1.1
    Subnet Mask: 255.255.255.0
    DHCP server: Enabled


    WAN:
    (MAC Address: 00-06-25-D7-CE-2A)
    IP Address: 208.191.124.3
    DNS: 151.164.17.201
    151.164.11.201
    0.0.0.0
     
  11. 2003/06/20
    mflynn

    OK! Good job!

    They will likely not have internet access unless they have been set up for it.

    I know what you mean about allowing them to play and tinker on the www.

    But you should set up access to the internet to allow "YOU" only to access Windows Update and to do virus updates. And then to easily disable it for them.

    All you need to do, after internet is set up and connecting properly, is to rename Iexplore.exe to Iexplore.sav, then the next time "you" need to use it rename it back to Iexplore.exe. Then rename it again when you are through.

    So test it see if it does by chance connect and let me know what you want to do.

    Also print the router status page and copy it and you keep a copy.

    Mike
     
  12. 2003/06/20
    shenanigins

    Okay... already checked for web connection on all three slaves and no luck.

    What next?
     
  13. 2003/06/20
    mflynn

    Well what do you want to do?

    Leave access off or set them up and hide Internet explorer?

    Mike
     
  14. 2003/06/20
    shenanigins

    Let's go ahead and set them up... then can hide
     
  15. 2003/06/20
    mflynn

    You know, Shannon, by telling you how to do this (hide IE) I am disclosing trade secrets, don't you?

    I must like you! Smile.

    Mike
     
  16. 2003/06/20
    shenanigins

    well, it will be our little secret then ;)

    how could anyone resist my charm?
     
  17. 2003/06/20
    mflynn

    Well now let's not get coc*y! Smile!

    Kind of hard to keep a secret we are on the WWW. Newt and a couple of others are going to kill me! Smile!

    On the 98 machines, rt click network neighborhood properties. In configuration choose TCP/IP->3com etherlink etc (here it will be the name of your Network card). Dbl click it.

    Set it to obtain IP address automatically. Then click gateway and remove any that happen to be there and add 192.168.1.1.

    Then in DNS make the hostname anything short like station1 and in the Domain put sbcglobal.net. Then below this in DNS put the 2 dns numbers from the router print out.

    Make sure that in WINS that it is disabled.

    Reboot and test. If ok then do the other.

    While you are doing that I will post instructions on how to hide.


    Mike
     
    Last edited: 2003/06/20
  18. 2003/06/20
    shenanigins

    While I await your reply, I went ahead and ran the "hijack" program on the administrator computer.... here's the results:

    Logfile of HijackThis v1.94.0
    Scan saved at 3:11:46 PM, on 6/20/2003
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=+s
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Winamp\Winampa.exe "
    O4 - HKLM\..\Run: [NAV Agent] C:\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe "
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
    O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\FULL_FEL.EXE
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?rand=200341118
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://www.cabeagent.com/netagent/objects/custappx2.CAB
    O16 - DPF: {69DEAF94-AF66-11D3-BEC0-00105AA9B6AE} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003050501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37508.65375
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6E66235-7AA6-44ED-A06C-6F2033B1D993} - http://distribution.trafficsyndicate.com/msiein.cab
    O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://bannerfarm.ace.advertising.com/bannerfarm/42833/VbouncerOuter1123030505.exe
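
Added example, not part of the original thread and not HijackThis code: a short Python triage of a HijackThis log like the one posted above. It groups entries by section code, lists the O4 (registry Run autostart) entries, and pulls out the O16 (downloaded ActiveX control) entries that carry no class name so a reviewer can look them up. The function names are this example's own; the sample lines are an excerpt copied from the posted log.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log posted above (not the full log).
SAMPLE = r"""Logfile of HijackThis v1.94.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://yahoo.sbc.com/dsl
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\FULL_FEL.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E66235-7AA6-44ED-A06C-6F2033B1D993} - http://distribution.trafficsyndicate.com/msiein.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://bannerfarm.ace.advertising.com/bannerfarm/42833/VbouncerOuter1123030505.exe
"""

ENTRY = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")             # "<code> - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.*)$")  # O4 registry Run entry
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")  # O16 entry


def parse(log):
    """Group entry bodies by section code; header and blank lines are skipped."""
    groups = defaultdict(list)
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)


def autostarts(groups):
    """(hive, value name, command) for each O4 registry Run entry."""
    hits = (RUN.match(body) for body in groups.get("O4", []))
    return [m.groups() for m in hits if m]


def unnamed_dpf(groups):
    """(CLSID, source URL) for O16 entries that list no class name."""
    hits = (DPF.match(body) for body in groups.get("O16", []))
    return [(m.group(1), m.group(3)) for m in hits if m and not m.group(2)]


if __name__ == "__main__":
    g = parse(SAMPLE)
    print({code: len(items) for code, items in g.items()})
    print(autostarts(g))
    print(unnamed_dpf(g))
```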
     
  19. 2003/06/20
    shenanigins

    Okay... I changed everything as instructed, rebooted, but still no access on the first 98 computer.

    Your move
     
  20. 2003/06/20
    mflynn

    Well well well

    I need you to go into config-misc tools-generate startup list and post that.

    But in looking at this I see many things I would not have.

    I will tackle that later just get me the info.

    Mike
     
  21. 2003/06/20
    mflynn

    Ok send me an ipconfig on this machine.

    Mike
     